How to Protect your Internet Anonymity and Privacy/Proprietary Anonymity Networks

Proprietary Anonymity Networks

Before the 2008 Summer Olympics in Beijing, several censorship circumventing organizations pulled resources to offer a suite of existing tools under the umbrella of Global Internet Freedom Consortium (GIFC). All tools are originated to bypass Chinese censorship.

All GIFC software are proprietary, which is unusual because users have to trust the organizations without external software reviews, and without knowledge of the organizational structures. Perhaps the constant technical battle with the Chinese authorities need rapid response and tight control that open source do not allow. To rely less on the integrity of these tools one can add VPNs, web proxies, and sandbox them in virtual machines. Available only for Windows, the use of Windows virtual machines is necessary for other operating systems.

Since this book was published, Hal Roberts reported that FreeGate, GPass and FirePhoenix offer to sell user data on a partner website. Not only that aggregate data are published, the FAQ seems to imply that confidential user information may be available for a fee, if the buyer pass a strict screening test.

A representative from the GIFC also revealed that they store information on an individual level, and because of this, by law they are, and have been, required to share this data with the FBI on request. There is no US law that require storing of such information. In contrast, many European countries have the so called Data Retention laws and the EU has a Directive for it.

Ironically, these organizations impose censorship with URL filters mainly to "protect" users from dangerous websites. And perhaps with limited resources, they have to limit internet activities to worthwhile contents as they see fit.

Most of these software are detected as malware. The explanation from the authors are that the Chinese authority reports them as such and the malware detection companies rely on some form of voting.

The UltraSurf program file is portable, for direct execution without installation. UltraSurf fires up Internet Explorer automatically, and set its proxy connection port. On exit, UltraSurf also erase browsing history. On Firefox, there is a UltraSurf helper plug-in to set the proxy and toggle the on/off state.

UltraSurf is simplest to run and most responsive. The service is merely an encrypted proxy server with redundancy. The encryption is claimed to be SSL version 3, which is apparently a more advanced version of the current browser standard. It appears that newer versions blend in like other encrypted contents.

GPass is another encrypted proxy, but there are very desirable and distinctive features.

GPass provides encrypted tunnels for internet applications very much like VPNs. Unlike VPNs, secure tunnels are only established if applications are fired up via the GPass GUI. Therefore normal traffic and anonymous traffic can share the internet connection at the same time.

GPass optionally uses Skype or TOR to reach it's servers. The addition of these P2P networks makes tracing users more difficult. However, the critical elements are still the GPass servers, with knowledge of user IP, destination and unencrypted web contents.

The use of Skype client forces all Skype users, typically over 10 millions online, to help in the circumvention of censorship. GPass can only be blocked only if Skype can be blocked, and the censor is willing to block it. The use of Skype as a proxy to the GPass servers does not seem to decrease surfing speed. However, during startup and after idle times, the response time is slower. This is perhaps because the Skype protocol is designed for voice traffic. Once the connection warms up, the delay due to Skype is not noticeable.

GPass via Skype can run successfully on top of a VPN, with an encrypted web proxy as the exit node, with little penalty in speed. The mix and match of these independent services begin to resemble more sophisticated anonymity networks such as TOR and JonDonym.